Priv Sep SSH has / as CWD

Jim Knoble jmknoble at pobox.com
Fri Feb 26 18:14:07 EST 2010


On 2010-02-14 19:32, Damien Miller wrote:

: On Sun, 14 Feb 2010, Jon Kibler wrote:
: 
: > Regarding the sshd listener running in "/" and world readable core
: > files... unfortunately, that is the way that RHEL/CentOS is configured.
: > In the "functions" for init (/etc/init.d/functions), one of the first
: > steps is to set 'umask 022'. I have tried to change this in the past
: > only to have stuff break. I have also tried setting permissions on "/"
: > to 751 and also broke stuff. Thus, for daemons that run with "/" as
: > their home directory, we can get core files in "/" that are world
: > readable. I do not like it, but that is the RHEL environment I have to
: > live with. :-(
: 
: If RHEL drops core files from privileged processes that are world-readable
: then the system has a major security vulnerability independent of sshd. 
: Any system daemon that calls getpw* that can be tricked into segfaulting
: would likely leak password hashes from /etc/shadow (or worse). Have you
: confirmed that core files are indeed world-readable?

Under RHEL (and CentOS) v4 and v5, any service whose initscript uses the
'daemon' function to start the service has 'ulimit -S -c 0' turned on by
default; this sets the soft limit for the size of core files to zero.

You're much better off turning off the generation of core files to begin
with rather than merely relying on umasks.  Large core files can fill
filesystems if enough of them appear.  You can use 'ulimit -S -c 0' in
sshd's initscript with no problems.

-- 
jim knoble  |  jmknoble at pobox.com  |  http://www.pobox.com/~jmknoble/
(GnuPG key ID: C6F31FFA  >>>>>>  http://www.pobox.com/~jmknoble/keys/ )
(GnuPG fingerprint: 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA)
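
An added example, not part of the original message or of any RHEL initscript: a check over /proc/<pid>/limits text that confirms whether the 'ulimit -S -c 0' described above took effect, and separates a soft-only zero (which the process itself may raise up to its hard limit) from a hard zero. The function names and the sample limits text are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from any distribution.

# Constructed sample in /proc/<pid>/limits format: the state left by
# 'ulimit -S -c 0' when the hard limit has not been touched.
SAMPLE_LIMITS='Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max core file size        0                    unlimited            bytes
Max open files            1024                 4096                 files'

# Print "soft hard" for the core-file limit from limits text on stdin.
core_limits() {
    awk '/^Max core file size/ { print $5, $6 }'
}

# Classify a "soft hard" pair read from stdin.
#   disabled  - both zero; the process cannot re-enable core dumps
#   soft-only - soft is zero, but the process may raise it up to the hard limit
#   enabled   - core files can be written
classify_core() {
    read -r soft hard || { echo unknown; return 0; }
    if [ "$soft" = 0 ] && [ "$hard" = 0 ]; then
        echo disabled
    elif [ "$soft" = 0 ]; then
        echo soft-only
    else
        echo enabled
    fi
}

# Audit a running process, e.g. the sshd listener, by PID (Linux only).
audit_pid() {
    core_limits < "/proc/$1/limits" | classify_core
}

# Show that a soft limit set before exec is inherited by the child,
# which is how an initscript setting reaches the daemon it starts.
child_core_soft() {
    ( ulimit -S -c 0 && sh -c 'ulimit -S -c' )
}

printf 'sample: %s\n' "$(printf '%s\n' "$SAMPLE_LIMITS" | core_limits | classify_core)"
printf 'child soft limit: %s\n' "$(child_core_soft)"
```

Run `audit_pid` against the PID of the sshd listener; a result of `soft-only` means the initscript setting is in place but the hard limit still permits core files.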


More information about the openssh-unix-dev mailing list